Step 2: Install Cloudera Manager server
Install the Cloudera Manager server.
- Log in to the Cloudera Manager server host.
-
Install the Cloudera Manager server by running the following command:
sudo yum install cloudera-manager-daemons cloudera-manager-agent cloudera-manager-server -
Add the following line at the end of the
/etc/default/cloudera-scm-server file:
export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cmf.fipsMode=true -Dcom.safelogic.cryptocomply.fips.approved_only=true" -
Make the following changes to the Cloudera Manager configuration:
-
Open the
/etc/default/cloudera-scm-serverfile. -
Uncomment the following configurations related to FIPS:
# Enable FIPS mode # # To enable FIPS mode set the -Dcom.cloudera.cmf.fipsMode to true # export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cmf.fipsMode=true" # # If JDK version is 11 or higher: # Uncomment and provide values below to include CCJ with FIPS mode export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.jar.path=/opt/cloudera/fips/ccj-3.0.2.1.jar -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.moduleName=ccj_module_name" # # If JDK version is 11 or higher: # Uncomment and provide values below to include BCTLS with FIPS mode export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.bctls.jar.path=/opt/cloudera/fips/bctls-safelogic.jar -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.bctls.moduleName=bctls_module_name"
For example:
If the ccj jar file name is ccj-test-3.0.2.1.jar, then the module name becomes cj.test. The version numbers are ignored.
Find out the module name using the following command:
$ sudo ${JAVA_HOME}/bin/jar --file=/opt/cloudera/fips/ccj-test-3.0.2.1.jar --describe-module No module descriptor found. Derived automatic module. ccj.test@3.0.2.1 automatic <---- module Name is ccj.test requires java.base mandated contains com.safelogic.cryptocomply -
Open the
